156 matches found
WordPress All in One Time Clock Lite plugin <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Clocking In/Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin All in One Time Clock Lite versions <= 2.0...
WordPress plugin All in One Time Clock Lite security vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...
SUSE CVE-2022-50477
In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devm_rtc_allocate_device() devm_rtc_allocate_device() will alloc a rtc_device first, and then run dev_set_name(). If dev_set_name() failed, the rtc_device will memleak. Move devm_add_action_or_reset() in front of...
EUVD-2003-0974
Malware in sbrugna...
EUVD-2021-18899
Malware in sbrugna...
CVE-2022-50477
CVE-2022-50477 (Linux kernel): A memory leak in the RTC device management was fixed. During devm_rtc_allocate_device(), a rtc_device is allocated before calling dev_set_name(). If dev_set_name() fails, the rtc_device could leak. The fix reorders actions by moving devm_add_action_or_reset() in fro...
CVE-2022-50477 rtc: class: Fix potential memleak in devm_rtc_allocate_device()
In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devm_rtc_allocate_device() devm_rtc_allocate_device() will alloc a rtc_device first, and then run dev_set_name(). If dev_set_name() failed, the rtc_device will memleak. Move devm_add_action_or_reset() in front of...
PT-2025-40664
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the devm_rtc_allocate_device function. Specifically, if dev_set_name fails after rtc_device is allocated, a memory leak occurs. The fix involve...
EUVD-2022-47532
Malicious code in bioql PyPI...
EUVD-2025-13811
Malicious code in bioql PyPI...
EUVD-2025-11997
Malicious code in bioql PyPI...
WordPress All in One Time Clock Lite plugin cross-site scripting vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...
CVE-2025-6832 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Reflected Cross-Site Scripting
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2025-6832
CVE-2025-6832 describes a reflected cross-site scripting vulnerability in the WordPress plugin "All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier" (versions up to 2.0). According to Wordfence and CVE sources, the issue stems from insufficient input sanitization and output ...
CVE-2025-6832 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Reflected Cross-Site Scripting
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible...
WordPress plugin All in One Time Clock Lite cross-site scripting vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...
USN-7651-6 linux-raspi vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...
USN-7651-5 linux-raspi-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...
USN-7651-4 linux-gcp, linux-gcp-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - S390 architecture; - Block layer subsystem; - Serial ATA and Parallel ATA drivers; - Driver...
USN-7516-9 linux-aws vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - Block layer subsystem; - Drivers core; - Network block device driver;...